Commit Graph

3 Commits

Jiyong Park 599043a235 Unbundled test apps can obtain virtual machine permissions
Currently, tests for pKVM are written as host-side tests which interact
with the platform using the `vm` tool. However, that approach has caused
many problems:

* Can't test Java APIs; we were testing the command line interface of
the tool actually.
* Unreliable connection to adb; we had to add busy loops to work around
some of the flakes.

We should move on to the device-side tests. There will be a
self-instrumented test apk which will be driven by tradefed.

However, one blocker to the plan is that the Java APIs are not available
to test apps, as we don't have a plan to make the APIs public in TM and
therefore we put the APIs behind signature-protected permissions
(com.android.MANAGE_VIRTUAL_MACHINE, com.android.DEBUG_VIRTUAL_MACHINE).
Since test apps can't be signed with the platform key, our test apk
can't have the permission.

This CL fixes the problem by turning on the `development` bit in the
protection level of the permissions. Then the permission can be granted
to the test apps satisfying the following conditions (all):

* test app has `android:testOnly="true"` in its manifest. The flag
prevents the app from being uploaded to Play or installed from there.
* the app has to be installed with the "-t" (`INSTALL_ALLOW_TEST`) flag
* the permission has to be explicitly granted via the `pm grant <package>
<perm>` command.

Bug: 203483081
Test: TARGET_BUILD_APPS="MicrodroidDemoApp" m apps_only dist
adb install --no-streaming -t out/dist/MicrodroidDemoApp.apk
adb shell
$ su; setenforce 0 // will be fixed
$ pm grant com.android.microdroid.demo
android.permission.MANAGE_VIRTUAL_MACHINE
run the demo app

Change-Id: Ic163a3bc745fc310d690faddde638405faad686c
2021-10-19 17:15:28 +09:00
Alan Stokes 04b69ea231 Restrict MANAGE_VIRTUAL_MACHINE to platform signed apps
This may be loosened in the future, but for now only apps signed with
the platform key can create VMs.

Bug: 193373841
Test: Microdroid demo app, platform signed, still works.
Change-Id: I472730f51b912f71009314753a438e4117c6f71e
2021-09-08 12:06:52 +01:00
Jiyong Park 753553bdb8 Access control for virtualizationservice
The access to the virtualizationservice is now controlled via Android
permissions:

* android.permission.MANAGE_VIRTUAL_MACHINE
* android.permission.DEBUG_VIRTUAL_MACHINE

The two permissions are defined in a resource-only APK
android.system.virtualmachine.res. Virtualizationservice is modified to
do the permission check by using the permission controller service.

Bug: 168588769
Test: /apex/com.android.virt/bin/vm run-app --log /dev/null
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig assets/vm_config.json

Change-Id: Id210d2a55bc57bf03200c3c8546e3c63aa2a4c52
2021-07-13 22:02:32 +09:00